I'm a technology, privacy, and information security reporter and most recently the author of the book This Machine Kills Secrets, a chronicle of the history and future of information leaks, from the Pentagon Papers to WikiLeaks and beyond.
I've covered the hacker beat for Forbes since 2007, with frequent detours into digital miscellanea like switches, servers, supercomputers, search, e-books, online censorship, robots, and China. My favorite stories are the ones where non-fiction resembles science fiction. My favorite sources usually have the word "research" in their titles.
Since I joined Forbes, this job has taken me from an autonomous car race in the California desert all the way to Beijing, where I wrote the first English-language cover story on the Chinese search billionaire Robin Li for Forbes Asia. Black hats, white hats, cyborgs, cyberspies, idiot savants and even CEOs are welcome to email me at agreenberg (at) forbes.com. My PGP public key can be found here.

DARPA-Funded Radio HackRF Aims To Be A $300 Wireless Swiss Army Knife For Hackers

Since the days of Alan Turing, the promise of a digital computer has been that of a universal machine, one that can be a word processor one minute and a robot brain the next. So why are radios, a technology even older than computers, still designed stubbornly to do one thing–like 3G, Wifi, FM, or GPS–for their entire lives?

In fact, the era of the single-purpose radio is over, says Michael Ossmann, the founder of an Evergreen, Colorado company called Great Scott Gadgets. And he believes he’s built the one cheap, hacker-friendly radio to rule them all.

At the ToorCon hacker conference in San Diego Saturday, Ossmann and his research partner Jared Boone plan to unveil a beta version of the HackRF Jawbreaker, the latest model of the wireless Swiss-army knife tools known as “software-defined radios.” Like any software-defined radio, the HackRF can shift between different frequencies as easily as a computer switches between applications. It can both read and transmit signals from 100 megahertz to 6 gigahertz, including frequencies as low as the range used by FM radio up to the gigahertz frequencies used by Wifi or experimental wireless protocols for cars communicating in traffic. In between those bookends lies everything from police radio to cellular signals from AT&T and Verizon to garage door openers–all signals that HackRF can instantaneously intercept or reproduce. And at Ossmann’s target price of $300, the versatile, open-source devices would cost less than half as much as currently existing software-defined radios with the same capabilities.

“Pretty much any wireless device that you can think of would be in the frequency range covered by HackRF,” says Ossmann. “Just from observing [a signal] over the air, you can reverse engineer it completely to figure out the information transmitted over the network, and potentially inject your own transmissions onto that network. All of that can be done with one HackRF device and a laptop.”

With HackRF in the hands of hackers or security researchers, in other words, no wireless signal would remain secure just by virtue of using a unique, unfamiliar frequency. Ossmann says that tools like HackRF mean wireless communications will need to evolve beyond the “security through obscurity” model of protecting communications that has long been considered outmoded in the wired computing world.

In a presentation at the Black Hat and Defcon security conferences in July, for instance, French security researcher Andre Costin presented vulnerabilities in the next-generation air traffic control system known as ADS-B that he said would allow a hacker with a software-defined radio to track and even spoof planes in the sky, potentially creating dangerous distractions for pilots. The more accessible software-defined radios become, he warned, the more that threat materializes.

But Costin argued that meant ADS-B needs more security–not that software-defined radios themselves are dangerous. “Software-defined radios are a good thing and an important tool for research,” he told me. “A knife is a good thing in the kitchen but can be abused to do bad things. SDRs are the same.”

The Pentagon, at least, seems to think software-defined radios are a promising tool. To fund the beta testing phase of HackRF, the Department of Defense research arm known as the Defense Advanced Research Projects Agency (DARPA) pitched in $200,000 last February as part of its Cyber Fast Track program.

HackRF is far from the only attempt to create an affordable software-defined radio. A device called the USRP has been available for a few years from the company Ettus Research, though it ranges in price from $800 to $2000 depending on its capabilities. Hackers have also created far cheaper models of software-defined radio adapted from TV tuners that cost less than $50. But those bootleg versions have a more limited frequency range and can only receive signals, not transmit them. “HackRF fits right in the middle,” says Tom Rondeau, who manages the open-source radio software project GNU Radio. “There hasn’t been a way to transmit and receive at such a low cost, and that’s a big deal.”

Before founding Great Scott Gadgets, Ossmann honed his wireless expertise as a security researcher at the Department of Commerce’s National Telecommunications and Information Administration Lab in Boulder, Colorado, a job he described as being “the one security guy in a lab full of radio engineers.” But he says HackRF’s low cost is also largely the result of Moore’s Law: cheaper integrated circuits available only in the last few years have made the intensive computing needs of software-defined radios far more accessible.

Ossmann isn’t shy about admitting the ways HackRF’s capabilities and cost could disrupt current security models for wireless communications. Better to put cheap software-defined radios in the hands of penetration testers who can demonstrate the insecurity of those communications than to reserve the technology only for better-funded attackers who would exploit the same wireless communications in secret.

But Ossmann also hopes it will be adopted by a wide spectrum of hackers and researchers who will use it for experimentation and creative purposes even he can’t predict. “If someone does something cool with HackRF and I say ‘Wow, I’ve never thought of that,’” he says, “That’s when I’ll know the project is a success.”


@Sam Dennis: Is the spread of knowledge a bad thing? Giving access to public airwaves to the masses can only help security. It forces the incumbent users of licensed bands to implement REAL security, because obscurity =/= security. I’d like to share some info with you about Linux, and the software development model that it brought to the world.

Maybe you posted your comment from an Android device, and there is a good chance that Forbes.com is hosted on a Linux server. Android is a form of Linux, and both are what is called Open Source Software (OSS). Meaning, the inner workings of the software, or the Source Code is open to the public, unlike Microsoft and Apple products, which are closed off and secret (security by obscurity). Being OSS, Linux is exposed to the world for security researchers to look at, find security holes, and submit improvements to fix these holes. There are thousands of security patches applied to Linux every day, and this is only possible because Millions of security researchers have full access to the source code. Millions of eyes scrutinizing the software. THAT is what makes Linux so secure and that is why more than 60% of the world’s websites are hosted on Linux, BSD and other Unix-like servers.

Your thought process is what stifles innovation. You would probably have protested the interconnection of corporations and universities to create a world wide internetwork of computers. No one needs to let their computers talk to one another do they? Did you also boycott the creation of newspapers and television? Who needs information?

@Charles Although I agree with most of your comment, there is a lot you got wrong there. Most of the world’s websites may be hosted on *nix servers, BUT the reason is not because it’s open source and easier to discover bugs and security holes. Most of the major security holes back in the early 2000s were in *nix systems! Just because something is open source does not make it invulnerable to exploits, nor does it mean that open source software bugs & security issues are fixed before closed source stuff.

Also, something being closed source does NOT mean security through obscurity, that is the stupidest thing I’ve EVER heard when it comes to OSS conversations. Have you ever thought that these companies like Microsoft & Apple have teams of highly paid engineers whose sole job is to find and fix things like this? Have you ever thought that perhaps these people who put their entire time, effort, hard work, stress, pain, missed events with families, etc. deserve some compensation for their work? YOUR thinking is what stifles innovation, and frankly demotivates people from even establishing the great inventions of the past decade. I thought like you once, in high school, at a young age of 15. Then I grew up and got bills.

I never said *nix was invulnerable to exploits and security holes. I was simply explaining the development model and how being open can focus more manpower on the issues that may affect the security of a system. I am well aware of the throngs of MS and Apple engineers tasked with keeping those systems secure. There also exist throngs of paid developers working on Linux systems full time. Security through obscurity is not optimal, and that’s why Apple employs security through simplicity in their Mach kernel. I am not a developer or a security researcher. These are simply the things I’ve learned in my quest of knowledge.

What a complete waste of taxpayers’ money! This is no more than a ‘toy’ SDR with its 8-bit sampling – which severely limits its dynamic range. For DARPA to throw this guy $200,000 to build a ‘toy’ is completely shameful!

Well, I’m not real sure who knows what, or where the error lies but I know one thing. They’re not going to scan the lower FM band and listen to standard commercial FM radio if the range of the unit is 100MHz to 6gig… Commercial FM starts at 87.9